PT-2019-3050 · Microsoft · Windows Subsystem For Linux+1

Guo Zhipan

Published

2019-08-13

Updated

2024-07-03

CVE-2019-1185

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Windows Subsystem for Linux (WSL) (affected versions not specified)

Description The issue is related to insufficient access control in the Windows Subsystem for Linux, which can be exploited to elevate privileges and execute arbitrary code using a specially crafted application. A locally authenticated attacker could exploit this by running such an application, potentially allowing them to execute code with elevated permissions. The vulnerability is due to a stack corruption in Windows Subsystem for Linux.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Stack Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-264

Related Identifiers

BDU:2019-03032

CVE-2019-1185

Affected Products

Windows

Windows Subsystem For Linux

PT-2019-3050 · Microsoft · Windows Subsystem For Linux+1

CVE-2019-1185

Weakness Enumeration

Related Identifiers

Affected Products

References · 6